Updated on 2023-08-31 GMT+08:00

Enabling or Disabling SCIM Automatic Provisioning

IAM Identity Center supports automatic provisioning (synchronization) of user and group information from your IdP into IAM Identity Center using the SCIM v2.0 protocol. When you configure SCIM synchronization, you create a mapping of your IdP user attributes to the named attributes in IAM Identity Center. This causes the expected attributes to match between IAM Identity Center and your IdP. You configure this connection in your IdP using your SCIM endpoint for IAM Identity Center and a bearer token that you create in IAM Identity Center.

Enabling Automatic Provisioning

Automatic provisioning is available only when the identity source is configured as an external identity provider.

  1. Log in to the Huawei Cloud console.
  2. Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
  3. Choose Settings in the left navigation pane.
  4. On the Identity Source tab, select SCIM automatic provisioning for Provisioning Method and click Save.

    Figure 1 Enabling SCIM automatic provisioning

  5. In the displayed dialog box, copy the SCIM endpoint and access token. You will need this information when configuring provisioning in your IdP.

    The access token is displayed only once and cannot be viewed later. However, you can generate new tokens at any time. For details, see Generating or Deleting an Access Token.

    Figure 2 Inbound automatic provisioning

  6. Click Close.
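What an IdP connector does with the SCIM endpoint and access token copied in step 5, shown as an added example (not Huawei Cloud's or any IdP's own code): it maps an IdP user record onto SCIM v2.0 core User attributes and builds the `POST /Users` request without sending it. The IdP field names, the endpoint URL and the token are constructed placeholders, and the attribute mapping assumes the RFC 7643 core User schema.

```python
import json
import urllib.request
from urllib.parse import urlsplit

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643

def map_idp_user(idp_user):
    """Map a (hypothetical) IdP record onto SCIM core User attributes."""
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "externalId": idp_user["id"],
        "userName": idp_user["login"],
        "displayName": f'{idp_user["first"]} {idp_user["last"]}',
        "name": {"givenName": idp_user["first"], "familyName": idp_user["last"]},
        "emails": [{"value": idp_user["mail"], "type": "work", "primary": True}],
        "active": idp_user["enabled"],
    }

def build_create_user_request(endpoint, token, idp_user):
    """Build (not send) the POST /Users request a connector would issue."""
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS endpoint")
    if not token or token != token.strip():
        raise ValueError("token is empty or carries whitespace from copy/paste")
    body = json.dumps(map_idp_user(idp_user)).encode("utf-8")
    return urllib.request.Request(
        endpoint.rstrip("/") + "/Users",
        data=body, method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/scim+json",
            "Accept": "application/scim+json",
        },
    )

def redact(token):
    """Log-safe form: the token is a secret, so never log its value."""
    return f"<token: {len(token)} chars>"

# Constructed sample values; endpoint and token are placeholders, not real ones.
SAMPLE_ENDPOINT = "https://scim.example.invalid/placeholder/scim/v2"
SAMPLE_TOKEN = "PLACEHOLDER-TOKEN-VALUE"
SAMPLE_USER = {"id": "idp-0001", "login": "jdoe", "first": "Jane",
               "last": "Doe", "mail": "jdoe@example.com", "enabled": True}

if __name__ == "__main__":
    req = build_create_user_request(SAMPLE_ENDPOINT, SAMPLE_TOKEN, SAMPLE_USER)
    print(req.get_method(), req.full_url, redact(SAMPLE_TOKEN))
```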

Disabling Automatic Provisioning

  1. Log in to the Huawei Cloud console.
  2. Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
  3. Choose Settings in the left navigation pane.
  4. On the Identity Source tab, select Set Automatic Provisioning for Provisioning Method.

    Figure 3 Setting automatic provisioning

  5. In the Configuration area, click Disable in Status. In the displayed dialog box, enter DISABLE and click OK.

    After you disable automatic provisioning, user updates that are made in the identity provider will not be synchronized. In addition, all access tokens will be removed. To re-enable automatic provisioning, you must generate a new access token.

    Figure 4 Disabling automatic provisioning

Generating or Deleting an Access Token

  1. Log in to the Huawei Cloud console.
  2. Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
  3. Choose Settings in the left navigation pane.
  4. On the Identity Source tab, select Set Automatic Provisioning for Provisioning Method.

    Figure 5 Setting automatic provisioning

  5. On the displayed page, in the Access Tokens area, click Generate.

    Figure 6 Generating an access token

  6. In the token list, select one or more tokens to be deleted and click Delete.
  7. In the displayed dialog box, enter DELETE and click OK.

    Figure 7 Deleting an access token

    IAM Identity Center supports two access tokens at most. To generate additional access tokens, delete expired or unused access tokens.